Path-Sensitive Dataflow Analysis with Iterative Refinement
Saved in:
Main authors: | Dhurjati, Dinakar; Das, Manuvir; Yang, Yue |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | Applied sciences; Computer science, control theory, systems; Exact sciences and technology; Model Check; Path Feasibility; Program Point; Real Error; Software; Software engineering; Symbolic State |
Online access: | Full text |
container_end_page | 442 |
---|---|
container_issue | |
container_start_page | 425 |
container_title | |
container_volume | |
creator | Dhurjati, Dinakar; Das, Manuvir; Yang, Yue |
description | In this paper, we present a new method for supporting abstraction refinement in path-sensitive dataflow analysis. We show how an adjustable merge criterion can be used as an interface to control the degree of abstraction. In particular, we partition the merge criterion with two sets of predicates — one related to the dataflow facts being propagated and the other related to path feasibility. These tracked predicates are then used to guide merge operations and path feasibility analysis, so that expensive computations are performed only at the right places. Refinement amounts to lazily growing the path predicate set to recover lost precision. We have implemented our refinement technique in ESP, a software validation tool for C/C++ programs. We apply ESP to validate a future version of Windows against critical security properties. Our experience suggests that applying iterative refinement to path-sensitive dataflow analysis is both effective in cutting down spurious errors and scalable enough for solving real world problems. |
doi_str_mv | 10.1007/11823230_27 |
format | Conference Proceeding |
fullrecord | Title: Path-Sensitive Dataflow Analysis with Iterative Refinement. Authors: Dhurjati, Dinakar; Das, Manuvir; Yang, Yue. Contributor (editor): Yi, Kwangkeun. In: Lecture notes in computer science, 2006, p.425-442 (18 pages). Publisher: Springer Berlin Heidelberg, Berlin, Heidelberg. ISSN 0302-9743; EISSN 1611-3349; ISBN 9783540377566 / 3540377565; EISBN 9783540377580 / 3540377581. DOI: 10.1007/11823230_27. Rights: Springer-Verlag Berlin Heidelberg 2006; 2007 INIST-CNRS. Source: Springer Books (peer reviewed). Full text: https://link.springer.com/10.1007/11823230_27 (HTML), https://link.springer.com/content/pdf/10.1007/11823230_27 (PDF). Record in Pascal Francis: http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=19206628. Subjects: Applied sciences; Computer science, control theory, systems; Exact sciences and technology; Model Check; Path Feasibility; Program Point; Real Error; Software; Software engineering; Symbolic State. |
fulltext | fulltext |
identifier | ISSN: 0302-9743 |
ispartof | Lecture notes in computer science, 2006, p.425-442 |
issn | 0302-9743; 1611-3349 |
language | eng |
recordid | cdi_pascalfrancis_primary_19206628 |
source | Springer Books |
subjects | Applied sciences; Computer science, control theory, systems; Exact sciences and technology; Model Check; Path Feasibility; Program Point; Real Error; Software; Software engineering; Symbolic State |
title | Path-Sensitive Dataflow Analysis with Iterative Refinement |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T11%3A29%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Path-Sensitive%20Dataflow%20Analysis%20with%20Iterative%20Refinement&rft.btitle=Lecture%20notes%20in%20computer%20science&rft.au=Dhurjati,%20Dinakar&rft.date=2006&rft.spage=425&rft.epage=442&rft.pages=425-442&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783540377566&rft.isbn_list=3540377565&rft_id=info:doi/10.1007/11823230_27&rft_dat=%3Cpascalfrancis_sprin%3E19206628%3C/pascalfrancis_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=9783540377580&rft.eisbn_list=3540377581&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |